In early November 2025, a massive data breach at Knownsec, a prominent Chinese cybersecurity firm with government ties, sent shockwaves through the international security community. […]
Hackers Abuse runc Tool to Escape Containers and Compromise Hosts
Three critical vulnerabilities in runc, the widely-used container runtime that powers Docker and Kubernetes, have been disclosed, allowing attackers to break out of container isolation […]
Elastic Defend for Windows Vulnerability Allows Threat Actors to Gain Elevated Access
Elastic has released a security advisory addressing a significant vulnerability in Elastic Defend that could allow attackers to escalate their privileges on Windows systems. The […]
LangGraph Deserialization Flaw Enables Execution of Malicious Python Code
A critical remote code execution vulnerability has been discovered in LangGraph’s checkpoint serialization library, affecting versions before 3.0. The flaw resides in the JsonPlusSerializer component, […]
New Whisper-Based Attack Reveals User Prompts Hidden Inside Encrypted AI Traffic
Microsoft researchers have unveiled a sophisticated side-channel attack targeting remote language models that could allow adversaries to infer conversation topics from encrypted network traffic. Despite […]
Monsta FTP Remote Code Execution Flaw Being Exploited in the Wild
Security researchers have discovered an actively exploited remote code execution vulnerability in Monsta FTP, a web-based FTP client used by financial institutions, enterprises, and individual […]
Drilling Down on Uncle Sam’s Proposed TP-Link Ban
The U.S. government is reportedly preparing to ban the sale of wireless routers and other networking gear from TP-Link Systems, a tech company that currently […]
QNAP fixes seven NAS zero-day flaws exploited at Pwn2Own
QNAP has fixed seven zero-day vulnerabilities that security researchers exploited to hack QNAP network-attached storage (NAS) devices during the Pwn2Own Ireland 2025 competition. […] ​The […]
Microsoft testing faster Quick Machine Recovery in Windows 11
Microsoft is testing a faster version of Quick Machine Recovery (QMR) and updated Smart App Control (SAC), allowing users to toggle it without requiring a […]
Malicious NuGet packages drop disruptive ‘time bombs’
Several malicious packages on NuGet have sabotage payloads scheduled to activate in 2027 and 2028, targeting database implementations and Siemens S7 industrial control devices. […] ​The […]